Nessus Plugin #10704
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
Apache Directory Listing
- Family:
- CGI abuses
- Category:
- infos
- Copyright:
- This script is Copyright (C) 2001 Matt Moore
- Summary:
- Checks to see if Apache will provide a directory listing
- Version:
- $Revision: 1.16 $
- Cve_id:
- CVE-2001-0731
- Bugtraq_id:
- 3009
- Xrefs:
- OWASP:OWASP-CM-004
- Description:
By making a request to the Apache web server ending in '?M=A' it is sometimes possible to obtain a
directory listing even if an index.html file is present.
It appears that it is possible to retrieve a directory listing from the root of the Apache
web server being tested. However, this could be because there is no 'index.html' or similar
default file present.
Solution:
Unless it is required, turn off Indexing by making the appropriate changes to your
httpd.conf file.
Risk factor : Low
Generiert am 27.04.2005 um 18:49:54 Uhr.